# Encrypted Compositions > \[!NOTE] > > Encryption is available to Twilio Enterprise Edition and Twilio Security Edition customers. Learn more about [Editions](https://www.twilio.com/en-us/editions). ## Overview The Twilio Composition Settings REST API lets you configure Twilio to store your compositions encrypted. Composition Settings work per-account (i.e. project). If you activate encryption, all Video Compositions in your account (or project) will get encrypted. This document contains reference information about the Composition Settings REST API for encryption. For a step-by-step guide, you can also read the [Encrypting your Stored Media developer guide](/docs/video/tutorials/encrypting-your-stored-media) ## Contents * [URI Schemes](#uri-schemes) * [Composition Settings instance resource](#composition-settings-instance-resource) * [Base URL](#base-url) * [Resource Properties](#resource-properties) * [HTTP `GET`: Get Settings](#http-get) * [HTTP `POST`: Set Settings](#http-post) * [Enabling Encrypted Compositions](#enable-encryption) * [Known Problems and Limitations](#known-problems-and-limitations) ## URI Schemes \[#uri-schemes] These are the URI schemes for the Composition Settings REST API and the supported methods: * `/v1/CompositionSettings/Default` * `GET`: Retrieves current Composition Settings. * `POST`: Updates the Composition Settings. ## Composition Settings instance resource \[#composition-settings-instance-resource] The `Default` `CompositionSettings` resource holds the default composition settings for the given Twilio account (or project). Its configuration will be applied to all Recording Compositions created in such account (or project). ### Base URL The Compositions Settings default resource is located at the following Base URL: ```bash https://video.twilio.com/v1/CompositionSettings/Default ``` ### Resource Properties \[#resource-properties] A CompositionSettings resource has the following properties: ```json {"type":"object","refName":"video.v1.composition_settings","modelName":"video_v1_composition_settings","properties":{"account_sid":{"type":"string","minLength":34,"maxLength":34,"pattern":"^AC[0-9a-fA-F]{32}$","nullable":true,"description":"The SID of the [Account](/docs/iam/api/account) that created the CompositionSettings resource."},"friendly_name":{"type":"string","nullable":true,"description":"The string that you assigned to describe the resource and that will be shown in the console"},"aws_credentials_sid":{"type":"string","minLength":34,"maxLength":34,"pattern":"^CR[0-9a-fA-F]{32}$","nullable":true,"description":"The SID of the stored Credential resource."},"aws_s3_url":{"type":"string","format":"uri","nullable":true,"description":"The URL of the AWS S3 bucket where the compositions are stored. We only support DNS-compliant URLs like `https://documentation-example-twilio-bucket/compositions`, where `compositions` is the path in which you want the compositions to be stored. This URL accepts only URI-valid characters, as described in the [RFC 3986](https://tools.ietf.org/html/rfc3986#section-2)."},"aws_storage_enabled":{"type":"boolean","nullable":true,"description":"Whether all compositions are written to the `aws_s3_url`. When `false`, all compositions are stored in our cloud."},"encryption_key_sid":{"type":"string","minLength":34,"maxLength":34,"pattern":"^CR[0-9a-fA-F]{32}$","nullable":true,"description":"The SID of the Public Key resource used for encryption."},"encryption_enabled":{"type":"boolean","nullable":true,"description":"Whether all compositions are stored in an encrypted form. The default is `false`."},"url":{"type":"string","format":"uri","nullable":true,"description":"The absolute URL of the resource."}}} ``` In the table above, the following properties are reserved for the feature called External S3 Storage: * `aws_credentials_sid` * `aws_s3_url` * `aws_storage_enabled` ### HTTP GET: Get Settings \[#http-get] Retrieves your account's default Composition Settings. For example: Fetch Composition Settings ```js // Download the helper library from https://www.twilio.com/docs/node/install const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio"; // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure const accountSid = process.env.TWILIO_ACCOUNT_SID; const authToken = process.env.TWILIO_AUTH_TOKEN; const client = twilio(accountSid, authToken); async function fetchCompositionSettings() { const compositionSetting = await client.video.compositionSettings().fetch(); console.log(compositionSetting.accountSid); } fetchCompositionSettings(); ``` ```python # Download the helper library from https://www.twilio.com/docs/python/install import os from twilio.rest import Client # Find your Account SID and Auth Token at twilio.com/console # and set the environment variables. See http://twil.io/secure account_sid = os.environ["TWILIO_ACCOUNT_SID"] auth_token = os.environ["TWILIO_AUTH_TOKEN"] client = Client(account_sid, auth_token) composition_setting = client.video.composition_settings().fetch() print(composition_setting.account_sid) ``` ```csharp // Install the C# / .NET helper library from twilio.com/docs/csharp/install using System; using Twilio; using Twilio.Rest.Video.V1; using System.Threading.Tasks; class Program { public static async Task Main(string[] args) { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID"); string authToken = Environment.GetEnvironmentVariable("TWILIO_AUTH_TOKEN"); TwilioClient.Init(accountSid, authToken); var compositionSettings = await CompositionSettingsResource.FetchAsync(); Console.WriteLine(compositionSettings.AccountSid); } } ``` ```java // Install the Java helper library from twilio.com/docs/java/install import com.twilio.Twilio; import com.twilio.rest.video.v1.CompositionSettings; public class Example { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID"); public static final String AUTH_TOKEN = System.getenv("TWILIO_AUTH_TOKEN"); public static void main(String[] args) { Twilio.init(ACCOUNT_SID, AUTH_TOKEN); CompositionSettings compositionSettings = CompositionSettings.fetcher().fetch(); System.out.println(compositionSettings.getAccountSid()); } } ``` ```go // Download the helper library from https://www.twilio.com/docs/go/install package main import ( "fmt" "github.com/twilio/twilio-go" "os" ) func main() { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure // Make sure TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN exists in your environment client := twilio.NewRestClient() resp, err := client.VideoV1.FetchCompositionSettings() if err != nil { fmt.Println(err.Error()) os.Exit(1) } else { if resp.AccountSid != nil { fmt.Println(*resp.AccountSid) } else { fmt.Println(resp.AccountSid) } } } ``` ```php video->compositionSettings()->fetch(); print $composition_setting->accountSid; ``` ```ruby # Download the helper library from https://www.twilio.com/docs/ruby/install require 'twilio-ruby' # Find your Account SID and Auth Token at twilio.com/console # and set the environment variables. See http://twil.io/secure account_sid = ENV['TWILIO_ACCOUNT_SID'] auth_token = ENV['TWILIO_AUTH_TOKEN'] @client = Twilio::REST::Client.new(account_sid, auth_token) composition_setting = @client .video .composition_settings .fetch puts composition_setting.account_sid ``` ```bash # Install the twilio-cli from https://twil.io/cli twilio api:video:v1:composition-settings:default:fetch ``` ```bash curl -X GET "https://video.twilio.com/v1/CompositionSettings/Default" \ -u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN ``` ```json { "account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "friendly_name": "string", "aws_credentials_sid": "CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "encryption_key_sid": "CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "aws_s3_url": "https://my-super-duper-bucket.s3.amazonaws.com/my/path/", "aws_storage_enabled": true, "encryption_enabled": true, "url": "https://video.twilio.com/v1/CompositionSettings/Default" } ``` ### HTTP POST: Set Settings \[#http-post] Sets your account's default Composition Settings. `POST` requests support the following parameters: ### Request body parameters ```json {"schema":{"type":"object","title":"CreateCompositionSettingsRequest","required":["FriendlyName"],"properties":{"FriendlyName":{"type":"string","description":"A descriptive string that you create to describe the resource and show to the user in the console"},"AwsCredentialsSid":{"type":"string","minLength":34,"maxLength":34,"pattern":"^CR[0-9a-fA-F]{32}$","description":"The SID of the stored Credential resource."},"EncryptionKeySid":{"type":"string","minLength":34,"maxLength":34,"pattern":"^CR[0-9a-fA-F]{32}$","description":"The SID of the Public Key resource to use for encryption."},"AwsS3Url":{"type":"string","format":"uri","description":"The URL of the AWS S3 bucket where the compositions should be stored. We only support DNS-compliant URLs like `https://documentation-example-twilio-bucket/compositions`, where `compositions` is the path in which you want the compositions to be stored. This URL accepts only URI-valid characters, as described in the [RFC 3986](https://tools.ietf.org/html/rfc3986#section-2)."},"AwsStorageEnabled":{"type":"boolean","description":"Whether all compositions should be written to the `aws_s3_url`. When `false`, all compositions are stored in our cloud."},"EncryptionEnabled":{"type":"boolean","description":"Whether all compositions should be stored in an encrypted form. The default is `false`."}}},"examples":{"create":{"value":{"lang":"json","value":"{\n \"FriendlyName\": \"friendly_name\",\n \"AwsCredentialsSid\": \"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\",\n \"EncryptionKeySid\": \"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab\",\n \"AwsS3Url\": \"https://my-super-duper-bucket.s3.amazonaws.com/my/path/\",\n \"AwsStorageEnabled\": true,\n \"EncryptionEnabled\": true\n}","meta":"","code":"{\n \"FriendlyName\": \"friendly_name\",\n \"AwsCredentialsSid\": \"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\",\n \"EncryptionKeySid\": \"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab\",\n \"AwsS3Url\": \"https://my-super-duper-bucket.s3.amazonaws.com/my/path/\",\n \"AwsStorageEnabled\": true,\n \"EncryptionEnabled\": true\n}","tokens":[["{","#C9D1D9"],"\n ",["\"FriendlyName\"","#7EE787"],[":","#C9D1D9"]," ",["\"friendly_name\"","#A5D6FF"],[",","#C9D1D9"],"\n ",["\"AwsCredentialsSid\"","#7EE787"],[":","#C9D1D9"]," ",["\"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\"","#A5D6FF"],[",","#C9D1D9"],"\n ",["\"EncryptionKeySid\"","#7EE787"],[":","#C9D1D9"]," ",["\"CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab\"","#A5D6FF"],[",","#C9D1D9"],"\n ",["\"AwsS3Url\"","#7EE787"],[":","#C9D1D9"]," ",["\"https://my-super-duper-bucket.s3.amazonaws.com/my/path/\"","#A5D6FF"],[",","#C9D1D9"],"\n ",["\"AwsStorageEnabled\"","#7EE787"],[":","#C9D1D9"]," ",["true","#79C0FF"],[",","#C9D1D9"],"\n ",["\"EncryptionEnabled\"","#7EE787"],[":","#C9D1D9"]," ",["true","#79C0FF"],"\n",["}","#C9D1D9"]],"annotations":[],"themeName":"github-dark","style":{"color":"#c9d1d9","background":"#0d1117"}}}},"encodingType":"application/x-www-form-urlencoded","conditionalParameterMap":{}} ``` In the table above, the following parameters are reserved for the feature called External S3 Storage: * `AwsCredentialsSid` * `AwsS3Url` * `AwsStorageEnabled` #### Enabling Encrypted Compositions \[#enable-encryption] The following code snippets illustrate how you can set Encryption in your Compositions settings: Creates or updates the configuration to upload encrypted files to an external S3 bucket ```js // Download the helper library from https://www.twilio.com/docs/node/install const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio"; // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure const accountSid = process.env.TWILIO_ACCOUNT_SID; const authToken = process.env.TWILIO_AUTH_TOKEN; const client = twilio(accountSid, authToken); async function createCompositionSettings() { const compositionSetting = await client.video.compositionSettings().create({ awsCredentialsSid: "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", awsS3Url: "https://my-bucket.s3.amazonaws.com/recordings", awsStorageEnabled: true, encryptionEnabled: true, encryptionKeySid: "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", friendlyName: "Upload encrypted", }); console.log(compositionSetting.accountSid); } createCompositionSettings(); ``` ```python # Download the helper library from https://www.twilio.com/docs/python/install import os from twilio.rest import Client # Find your Account SID and Auth Token at twilio.com/console # and set the environment variables. See http://twil.io/secure account_sid = os.environ["TWILIO_ACCOUNT_SID"] auth_token = os.environ["TWILIO_AUTH_TOKEN"] client = Client(account_sid, auth_token) composition_setting = client.video.composition_settings().create( aws_s3_url="https://my-bucket.s3.amazonaws.com/recordings", aws_storage_enabled=True, aws_credentials_sid="CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", encryption_enabled=True, encryption_key_sid="CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", friendly_name="Upload encrypted", ) print(composition_setting.account_sid) ``` ```csharp // Install the C# / .NET helper library from twilio.com/docs/csharp/install using System; using Twilio; using Twilio.Rest.Video.V1; using System.Threading.Tasks; class Program { public static async Task Main(string[] args) { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID"); string authToken = Environment.GetEnvironmentVariable("TWILIO_AUTH_TOKEN"); TwilioClient.Init(accountSid, authToken); var compositionSettings = await CompositionSettingsResource.CreateAsync( awsS3Url: new Uri("https://my-bucket.s3.amazonaws.com/recordings"), awsStorageEnabled: true, awsCredentialsSid: "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", encryptionEnabled: true, encryptionKeySid: "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", friendlyName: "Upload encrypted"); Console.WriteLine(compositionSettings.AccountSid); } } ``` ```java // Install the Java helper library from twilio.com/docs/java/install import java.net.URI; import com.twilio.Twilio; import com.twilio.rest.video.v1.CompositionSettings; public class Example { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID"); public static final String AUTH_TOKEN = System.getenv("TWILIO_AUTH_TOKEN"); public static void main(String[] args) { Twilio.init(ACCOUNT_SID, AUTH_TOKEN); CompositionSettings compositionSettings = CompositionSettings.creator("Upload encrypted") .setAwsS3Url(URI.create("https://my-bucket.s3.amazonaws.com/recordings")) .setAwsStorageEnabled(true) .setAwsCredentialsSid("CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") .setEncryptionEnabled(true) .setEncryptionKeySid("CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") .create(); System.out.println(compositionSettings.getAccountSid()); } } ``` ```go // Download the helper library from https://www.twilio.com/docs/go/install package main import ( "fmt" "github.com/twilio/twilio-go" video "github.com/twilio/twilio-go/rest/video/v1" "os" ) func main() { // Find your Account SID and Auth Token at twilio.com/console // and set the environment variables. See http://twil.io/secure // Make sure TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN exists in your environment client := twilio.NewRestClient() params := &video.CreateCompositionSettingsParams{} params.SetAwsS3Url("https://my-bucket.s3.amazonaws.com/recordings") params.SetAwsStorageEnabled(true) params.SetAwsCredentialsSid("CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") params.SetEncryptionEnabled(true) params.SetEncryptionKeySid("CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") params.SetFriendlyName("Upload encrypted") resp, err := client.VideoV1.CreateCompositionSettings(params) if err != nil { fmt.Println(err.Error()) os.Exit(1) } else { if resp.AccountSid != nil { fmt.Println(*resp.AccountSid) } else { fmt.Println(resp.AccountSid) } } } ``` ```php video->compositionSettings()->create( "Upload encrypted", // FriendlyName [ "awsS3Url" => "https://my-bucket.s3.amazonaws.com/recordings", "awsStorageEnabled" => true, "awsCredentialsSid" => "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "encryptionEnabled" => true, "encryptionKeySid" => "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", ] ); print $composition_setting->accountSid; ``` ```ruby # Download the helper library from https://www.twilio.com/docs/ruby/install require 'twilio-ruby' # Find your Account SID and Auth Token at twilio.com/console # and set the environment variables. See http://twil.io/secure account_sid = ENV['TWILIO_ACCOUNT_SID'] auth_token = ENV['TWILIO_AUTH_TOKEN'] @client = Twilio::REST::Client.new(account_sid, auth_token) composition_setting = @client .video .composition_settings .create( aws_s3_url: 'https://my-bucket.s3.amazonaws.com/recordings', aws_storage_enabled: true, aws_credentials_sid: 'CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', encryption_enabled: true, encryption_key_sid: 'CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', friendly_name: 'Upload encrypted' ) puts composition_setting.account_sid ``` ```bash # Install the twilio-cli from https://twil.io/cli twilio api:video:v1:composition-settings:default:update \ --aws-s3-url https://my-bucket.s3.amazonaws.com/recordings \ --aws-storage-enabled \ --aws-credentials-sid CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ --encryption-enabled \ --encryption-key-sid CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ --friendly-name "Upload encrypted" ``` ```bash curl -X POST "https://video.twilio.com/v1/CompositionSettings/Default" \ --data-urlencode "AwsS3Url=https://my-bucket.s3.amazonaws.com/recordings" \ --data-urlencode "AwsStorageEnabled=true" \ --data-urlencode "AwsCredentialsSid=CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \ --data-urlencode "EncryptionEnabled=true" \ --data-urlencode "EncryptionKeySid=CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \ --data-urlencode "FriendlyName=Upload encrypted" \ -u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN ``` ```json { "account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "friendly_name": "Upload encrypted", "aws_credentials_sid": "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "encryption_key_sid": "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "aws_s3_url": "https://my-bucket.s3.amazonaws.com/recordings", "aws_storage_enabled": true, "encryption_enabled": true, "url": "https://video.twilio.com/v1/CompositionSettings/Default" } ``` ## Known Problems and Limitations \[#known-problems-and-limitations] * No known problems.